IT Admins Disagree on Level of Security, Priorities and Responsibility for Remediation.
Every day, countless invisible machine-to-machine (M2M) transactions and processes power automation of critical business and operational processes across industries. However, even as automated processes become the dominant mode of computing – outstripping the traditional model of interactive human-to-computer transactions – M2M security is often overlooked or misunderstood.
These findings are the results of a commissioned study conducted by Forrester Consulting on behalf of SSH Communications Security, known the world over as the inventor of the ubiquitous secure shell and SFTP protocols. The study surveyed 151 US enterprise IT decision-makers responsible for IT security in financial services, the federal government, retail, manufacturing, utilities/energy/waste management, business services, and high-tech (hosting and cloud services providers) industries.
The study found that the rise of machine-to-machine (M2M) connections within data centers across industries has far outstripped the awareness of organizations about how best to secure them, resulting in a misalignment of security and compliance priorities that is placing organizations at risk.
Organizations expect to increase their volume of M2M transactions.
- M2M processes are used by virtually all organizations, and sixty-two percent of organizations expect to increase their use of M2M processes over the next 12 months.
- More than half of the financial institutions surveyed currently use M2M connections for billing.
- Fifty percent of respondents currently use M2M for logistics management and customer service.
M2M security is not seen as a high priority despite its role in data security
- Despite wide usage of M2M transactions and processes to power critical business functions, organizations are not paying adequate attention to M2M security.
- Few organizations appear to make the connection of robust M2M security as an important component of data security strategy – a top priority for many firms.
- Sixty-eight percent of respondents said data security was a critical priority, while only 25 percent said the same about M2M security.
Secure Shell Used Widely to Secure M2M Processes, but Management is Lacking
- Organizations depend on Secure Shell for a number of uses, but are challenged to adequately manage Secure Shell keys in the network, leaving keys open to theft.
- Financial institutions and hosting/cloud providers are the most likely to use Secure Shell to secure M2M communications.
- Financial institutions are the least likely to say they have no Secure Shell access control issues (29 percent) while government institutions are most likely to say that their Secure Shell situation is fine (65 percent).
- Tellingly, 65 percent of respondents said they centralize Secure Shell key management, while an equal 65 percent admitted that responsibility for Secure Shell management is shared among individuals.
Tatu Ylonen, CEO of SSH Communications Security and inventor of the SSH protocol, said:
“As organizations across all sectors embrace the concept of the Internet of Things, enabling more objects and sensors to communicate to support new business models, the need to secure automated M2M connections is increasingly critical. However, misunderstandings regarding how best to secure M2M transactions – and whose responsibility it is to do so – have placed organizations under significant risk of data breach.”
“We commissioned this study to discover how financial institutions, enterprises and government agencies perceive their M2M security needs. We discovered that they must take bold steps to evaluate the scope and strength of their M2M security strategies if they are to prevent data theft and comply with industry standards.”
“The Rise of IT Automation and the New Security Imperatives: Growth in M2M Processes Requires a Fresh Approach to Security,” published Feb. 14, 2014 by Forrester Consulting.